Microsoft plans to release 12 security updates Tuesday, fixing a variety of security holes in such programs as Windows, Office, Visual Studio, Windows Live OneCare, Defender and ForeFront. Many of the security bulletins will be for critical problems.
Specifically, Microsoft said in its advance notification Thursday, IT administrators can expect:
- Five critical Windows fixes delivered via the Microsoft Baseline Security Analyzer. Some updates will require a restart.
- Two critical Office fixes delivered via the Microsoft Baseline Security Analyzer.
- One critical fix for Data Access Components delivered via the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
- One critical fix for Windows Live OneCare, Antigen, Windows Defender and ForeFront. These products provide built-in mechanisms for automatic detection and deployment of updates.
- One important update for Windows and Visual Studio delivered via the Microsoft Baseline Security Analyzer and Enterprise Scan Tool.
- One important Windows and Office update delivered via the Microsoft Baseline Security Analyzer.
- One important update for the Step-by-Step Interactive Training program delivered via the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
Many of the software updates will likely require software and/or system restarts.
The software giant will also update its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center, and IT professionals can learn more about the fixes by tuning in to a Webcast Wednesday at 11 a.m. PT.
One of the Office updates may address a recently-disclosed zero-day flaw in several versions of Microsoft Office. Opening a specially crafted Excel file may permit an attacker to execute arbitrary code.
Microsoft said Monday that it was investigating what it called "very limited" reports from the field regarding Microsoft Excel files that exploit a vulnerability in certain versions of Microsoft Office, including: Microsoft Office 2000, Office XP, Office 2003, and Office 2004 for Mac. The company added that a fix was being developed.
The software giant is also dealing with at least four zero-day flaws in Word, though it remains to be seen how many of those issues will be fixed this month.
"Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released," Microsoft said.